Hijacklog

koolkid12349

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:31, on 2008-08-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Corel\WordPerfect Office 2002\Programs\wpwin10.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/remote
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5625 bytes

Well, not sure what happened here. AVG 8 is telling me something about Trojan horse backdoor.vb.arm; not sure what's been happening.
 

koolkid12349

New Member
ComboFix 08-08-03.03 - Owner 2008-08-04 3:44:11.28 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.659 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\VMD23ZLN\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\VMD23ZLN\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-02 00:46 . 2008-08-02 00:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-26 20:41 . 2008-07-26 20:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-07-26 19:12 . 2008-07-26 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-26 19:12 . 2008-07-26 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-26 19:10 . 2008-07-26 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-07-26 14:25 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-26 14:25 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-26 14:25 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-26 14:25 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-21 03:36 . 2008-07-21 03:36 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-07-21 03:36 . 2008-07-21 03:36 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-21 03:31 . 2008-08-01 04:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-07-21 03:29 . 2008-07-21 03:29 <DIR> d-------- C:\Program Files\Skype
2008-07-21 03:29 . 2008-07-21 03:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-21 03:29 . 2008-07-21 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-20 01:24 . 2008-07-20 01:24 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-19 20:28 . 2008-07-19 20:28 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-19 02:25 . 2008-07-19 02:25 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
2008-07-17 21:03 . 2008-07-17 21:03 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
2008-07-17 13:21 . 2008-07-17 13:21 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
2008-07-16 19:03 . 2008-07-16 19:03 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(8).sys
2008-07-16 15:20 . 2008-07-20 01:34 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-16 15:20 . 2008-07-16 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek
2008-07-16 12:19 . 2008-07-16 12:19 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(9).sys
2008-07-16 03:31 . 2008-07-16 03:31 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(10).sys
2008-07-15 12:36 . 2008-07-15 12:36 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(11).sys
2008-07-14 17:09 . 2008-07-14 17:09 434,819 --a------ C:\picture157.jpg
2008-07-14 12:20 . 2008-07-14 12:20 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(12).sys
2008-07-14 00:48 . 2008-07-14 00:48 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(13).sys
2008-07-13 22:19 . 2008-07-13 22:19 268 --ah----- C:\sqmdata19.sqm
2008-07-13 22:19 . 2008-07-13 22:19 244 --ah----- C:\sqmnoopt19.sqm
2008-07-13 18:30 . 2008-07-13 18:30 269,035 --a------ C:\picture156.jpg
2008-07-13 12:36 . 2008-07-13 12:36 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2008-07-13 03:09 . 2008-07-13 03:09 <DIR> d-------- C:\Nexon
2008-07-13 02:56 . 2008-07-13 02:56 268 --ah----- C:\sqmdata18.sqm
2008-07-13 02:56 . 2008-07-13 02:56 244 --ah----- C:\sqmnoopt18.sqm
2008-07-12 20:53 . 2008-07-12 20:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-12 20:49 . 2008-07-12 20:49 268 --ah----- C:\sqmdata17.sqm
2008-07-12 20:49 . 2008-07-12 20:49 244 --ah----- C:\sqmnoopt17.sqm
2008-07-12 20:41 . 2008-07-12 20:41 268 --ah----- C:\sqmdata16.sqm
2008-07-12 20:41 . 2008-07-12 20:41 244 --ah----- C:\sqmnoopt16.sqm
2008-07-12 13:55 . 2008-07-12 13:55 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
2008-07-12 01:41 . 2008-07-12 01:41 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
2008-07-12 01:37 . 2008-07-12 01:37 268 --ah----- C:\sqmdata15.sqm
2008-07-12 01:37 . 2008-07-12 01:37 244 --ah----- C:\sqmnoopt15.sqm
2008-07-11 23:57 . 2008-07-11 23:57 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
2008-07-11 23:54 . 2008-07-23 19:56 268 --ah----- C:\sqmdata14.sqm
2008-07-11 23:54 . 2008-07-23 19:56 244 --ah----- C:\sqmnoopt14.sqm
2008-07-11 00:55 . 2008-07-20 13:28 268 --ah----- C:\sqmdata13.sqm
2008-07-11 00:55 . 2008-07-20 13:28 244 --ah----- C:\sqmnoopt13.sqm
2008-07-10 01:56 . 2008-07-10 01:56 70,177 --a------ C:\watermellons.jpg
2008-07-09 16:25 . 2008-07-20 01:55 268 --ah----- C:\sqmdata12.sqm
2008-07-09 16:25 . 2008-07-20 01:55 244 --ah----- C:\sqmnoopt12.sqm
2008-07-09 16:13 . 2008-07-20 01:05 268 --ah----- C:\sqmdata11.sqm
2008-07-09 16:13 . 2008-07-20 01:05 244 --ah----- C:\sqmnoopt11.sqm
2008-07-09 13:55 . 2008-07-20 00:59 268 --ah----- C:\sqmdata10.sqm
2008-07-09 13:55 . 2008-07-20 00:59 244 --ah----- C:\sqmnoopt10.sqm
2008-07-09 13:43 . 2008-07-09 13:43 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-09 13:43 . 2008-07-09 13:43 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-09 13:14 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\005344_.tmp
2008-07-08 02:11 . 2008-07-20 00:53 268 --ah----- C:\sqmdata09.sqm
2008-07-08 02:11 . 2008-07-20 00:53 244 --ah----- C:\sqmnoopt09.sqm
2008-07-07 23:36 . 2008-07-07 23:36 301,986 --a------ C:\ninja.jpg
2008-07-07 22:19 . 2008-07-07 23:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-07-07 22:18 . 2008-07-07 22:19 <DIR> d-------- C:\Program Files\Hamachi
2008-07-07 22:18 . 2008-07-07 22:18 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-07 16:51 . 2008-07-08 13:05 <DIR> d-------- C:\Program Files\Jnes 0.6
2008-07-07 11:54 . 2008-07-07 11:54 318,998 --a------ C:\picture155.jpg
2008-07-05 13:53 . 2008-07-20 00:19 268 --ah----- C:\sqmdata08.sqm
2008-07-05 13:53 . 2008-07-20 00:19 244 --ah----- C:\sqmnoopt08.sqm
2008-07-05 00:21 . 2008-07-19 23:45 268 --ah----- C:\sqmdata07.sqm
2008-07-05 00:21 . 2008-07-19 23:45 244 --ah----- C:\sqmnoopt07.sqm
2008-07-04 23:26 . 2008-07-19 21:21 268 --ah----- C:\sqmdata06.sqm
2008-07-04 23:26 . 2008-07-19 21:21 244 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 07:31 --------- d-----w C:\Program Files\mIRC
2008-08-04 03:30 23 ----a-w C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-07-29 18:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\teamspeak2
2008-07-26 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-26 23:11 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-16 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\GTek
2008-07-13 00:52 --------- d-----w C:\Program Files\MSN Messenger
2008-07-04 16:55 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 16:50 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 16:50 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-30 01:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-30 01:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\scar5
2008-06-20 06:42 --------- d-----w C:\Program Files\scar5
2008-06-20 06:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\scar5
2008-06-19 16:02 --------- d-----w C:\Program Files\AVG
2008-06-19 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 01:02 --------- d-----w C:\Documents and Settings\Nick\Application Data\teamspeak2
2008-05-08 03:23 36 ----a-w C:\New Text Document.bat
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-09-03 23:03 1,217,264 ----a-w C:\Program Files\Win32OpenSSL_Light-0_9_8e.exe
2007-08-13 23:16 1,008,360 ----a-w C:\Program Files\MzBot no patcher.rar
2007-08-11 03:21 27,728 ----a-w C:\Program Files\file1.jpg
2007-08-09 15:26 664,572,433 ----a-w C:\Program Files\MSSetup.exe
2007-08-01 21:22 5,914,648 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-08-01 20:28 212,849 ----a-w C:\Program Files\scanner.exe.zip
2007-08-01 07:45 921,654 ----a-w C:\Program Files\file.BMP
2007-08-01 07:44 28,272 ----a-w C:\Program Files\file.bin
2007-07-31 19:56 50,375 ----a-w C:\Program Files\SAtrainerFinalv3.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 13:53 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 12:56 1232152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 12:50]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 12:52]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 12:50]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 12:55]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 MzBot;MzBot;C:\MzBot.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31eb884b-c43b-11dc-9a32-000874c39918}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\haf3bgo8.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 03:46:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-04 3:48:28
ComboFix-quarantined-files.txt 2008-08-04 07:48:23
ComboFix2.txt 2008-07-20 05:15:50
ComboFix3.txt 2008-07-13 07:23:12
ComboFix4.txt 2008-06-29 17:22:58
ComboFix5.txt 2008-08-04 07:43:23

Pre-Run: 35,293,593,600 bytes free
Post-Run: 35,335,512,064 bytes free

205 --- E O F --- 2008-07-23 23:59:31
There's the ComboFix log.

HJT was performed before ComboFix.
 

cohen

New Member
1. - Please remove Viewpoint Manager: Control Panel > Add/Remove Programs > Remove Viewpoint Manager, and reboot.

2. - Can you please follow #1 and post a fresh HijackThis log?

3. - What problems are you having?

Thank you.
 

koolkid12349

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29, on 2008-08-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/remote
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5323 bytes


And the problem is, I've been having some odd AVG popups mentioning Trojan backdoors and such; I just wanted to check everything and be on the safe side.
 

cohen

New Member
OK,

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 

koolkid12349

New Member
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 04, 2008 16:07:43
Records in database: 1053458
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 45993
Threat name: 3
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:15:07


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.46_11.27.05_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.47_00.52.17_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.47_14.08.24_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.48_15.12.58_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1
C:\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\WINDOWS\system32\IEDFix.exe Infected: Hoax.Win32.Renos.vawl 1

The selected area was scanned.
 

GameMaster

New Member
Hello! This is badly infected but I'm sure your computer should feel better after this fix :D

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\WINDOWS\imsins.BAK
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\WINDOWS\005344_.tmp
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\WINDOWS\system32\IEDFix.exe

Drivers to unload:
dump_wmimmc(5).sys
dump_wmimmc(6).sys
dump_wmimmc(7).sys
dump_wmimmc(8).sys
dump_wmimmc(9).sys
dump_wmimmc(10).sys
dump_wmimmc(11).sys
dump_wmimmc(12).sys
dump_wmimmc(13).sys
dump_wmimmc.sys
dump_wmimmc(2).sys
dump_wmimmc(3).sys
dump_wmimmc(4).sys

Folders to delete:
C:\WINDOWS\l2schemas
C:\WINDOWS\system32\CatRoot_bak
C:\Program Files\Viewpoint

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
 

koolkid12349

New Member
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\imsins.BAK" deleted successfully.
File "C:\sqmdata19.sqm" deleted successfully.
File "C:\sqmnoopt19.sqm" deleted successfully.
File "C:\sqmdata18.sqm" deleted successfully.
File "C:\sqmnoopt18.sqm" deleted successfully.
File "C:\sqmdata17.sqm" deleted successfully.
File "C:\sqmnoopt17.sqm" deleted successfully.
File "C:\sqmdata16.sqm" deleted successfully.
File "C:\sqmnoopt16.sqm" deleted successfully.
File "C:\sqmdata15.sqm" deleted successfully.
File "C:\sqmnoopt15.sqm" deleted successfully.
File "C:\sqmdata14.sqm" deleted successfully.
File "C:\sqmnoopt14.sqm" deleted successfully.
File "C:\sqmdata13.sqm" deleted successfully.
File "C:\sqmnoopt13.sqm" deleted successfully.
File "C:\sqmdata12.sqm" deleted successfully.
File "C:\sqmnoopt12.sqm" deleted successfully.
File "C:\sqmdata11.sqm" deleted successfully.
File "C:\sqmnoopt11.sqm" deleted successfully.
File "C:\sqmdata10.sqm" deleted successfully.
File "C:\sqmnoopt10.sqm" deleted successfully.
File "C:\sqmdata08.sqm" deleted successfully.
File "C:\sqmnoopt08.sqm" deleted successfully.
File "C:\sqmdata07.sqm" deleted successfully.
File "C:\sqmnoopt07.sqm" deleted successfully.
File "C:\sqmdata06.sqm" deleted successfully.
File "C:\sqmnoopt06.sqm" deleted successfully.
File "C:\WINDOWS\005344_.tmp" deleted successfully.
File "C:\sqmdata09.sqm" deleted successfully.
File "C:\sqmnoopt09.sqm" deleted successfully.
File "C:\WINDOWS\system32\IEDFix.exe" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(5).sys" not found!
Deletion of driver "dump_wmimmc(5).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(6).sys" not found!
Deletion of driver "dump_wmimmc(6).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(7).sys" not found!
Deletion of driver "dump_wmimmc(7).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(8).sys" not found!
Deletion of driver "dump_wmimmc(8).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(9).sys" not found!
Deletion of driver "dump_wmimmc(9).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(10).sys" not found!
Deletion of driver "dump_wmimmc(10).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(11).sys" not found!
Deletion of driver "dump_wmimmc(11).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(12).sys" not found!
Deletion of driver "dump_wmimmc(12).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(13).sys" not found!
Deletion of driver "dump_wmimmc(13).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc.sys" not found!
Deletion of driver "dump_wmimmc.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(2).sys" not found!
Deletion of driver "dump_wmimmc(2).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(3).sys" not found!
Deletion of driver "dump_wmimmc(3).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\dump_wmimmc(4).sys" not found!
Deletion of driver "dump_wmimmc(4).sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\l2schemas" deleted successfully.
Folder "C:\WINDOWS\system32\CatRoot_bak" deleted successfully.

Error: folder "C:\Program Files\Viewpoint" not found!
Deletion of folder "C:\Program Files\Viewpoint" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

What was the infection doing?
 

GameMaster

New Member
Ah well, you had multiple infections slowing your computer and stealing your data (trojan backdoors).

I want to make sure those are all gone, so please stick with me.


Please download F-Secure BlackLight
  • Save BlackLight to your desktop.
  • Double-click blbeta.exe then accept the agreement.
  • Click > Scan then > Next
  • After the scan you'll see a list of all items found. Please click Next and exit. Don't choose to rename anything yet! I want to see the log first, because legitimate items can also be present there.
  • There will be a log on your desktop with the name fsbl.xxxxxxx.log (where the xxxxxxx are numbers)
    Please post the contents of this log in your next reply.
 

GameMaster

New Member
After that is done, perform the last scan:

Please go HERE to run Panda ActiveScan 2.0
  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply
 

GameMaster

New Member
Good. At least we know there are no more rootkits present.
Could you just post a fresh HijackThis log in your next reply?
 

koolkid12349

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34, on 2008-08-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/remote
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5364 bytes
 
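The reason a helper asks for a fresh HijackThis log after a cleanup is to compare it with the earlier one: items that were present before (the Viewpoint service and process, the autorun entries) should be gone, and nothing unexpected should have appeared. The script below is an added example, not part of the thread and not a HijackThis or Avenger feature. It parses two logs in the HijackThis v2.0.2 layout shown above (the `Running processes:` block, then the `R0`/`O4`/`O23` entry lines) and reports the set differences. Both sample logs are constructed, abbreviated excerpts; in particular the `O23 - Service: Viewpoint Manager Service ...` line is an assumed entry written for the example, not copied from the thread.

```python
"""Compare two HijackThis logs (the "before" log and the fresh one a helper
asks for) and report which processes and entries disappeared or appeared.
Added example, not part of the thread; both logs below are constructed,
abbreviated samples in HijackThis v2.0.2 format."""
import re
from typing import Dict, List, Set, Tuple

# Constructed "before" sample: a Viewpoint service and process are present.
# The O23 Viewpoint line is an assumed entry written for this example.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:31, on 2008-08-04
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 1234 bytes
"""

# Constructed "after" sample: Viewpoint is gone, a Java updater process appeared.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34, on 2008-08-09
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

--
End of file - 1000 bytes
"""

# A HijackThis entry line starts with its section code (R0, R1, O2, O4, O23 ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


def parse_hjt_log(text: str) -> Tuple[Set[str], Set[str]]:
    """Return (running-process paths, entry lines) found in a HijackThis log.

    Process paths are lower-cased because Windows paths are case-insensitive
    (the real log mixes 'System32' and 'system32').  Entry lines are kept as-is.
    """
    processes: Set[str] = set()
    entries: Set[str] = set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.add(line.lower())
        elif ENTRY_RE.match(line):
            entries.add(line)
    return processes, entries


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Set-difference two logs: what the cleanup removed and what is new."""
    b_proc, b_ent = parse_hjt_log(before)
    a_proc, a_ent = parse_hjt_log(after)
    return {
        "processes_gone": sorted(b_proc - a_proc),
        "processes_new": sorted(a_proc - b_proc),
        "entries_gone": sorted(b_ent - a_ent),
        "entries_new": sorted(a_ent - b_ent),
    }


def count_by_section(text: str) -> Dict[str, int]:
    """Count entries per HijackThis section (e.g. {'O4': 1, 'O23': 1}) for a quick overview."""
    counts: Dict[str, int] = {}
    for entry in parse_hjt_log(text)[1]:
        section = ENTRY_RE.match(entry).group("section")
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for key, items in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run it on the two full logs from this thread (pasted into the two string constants, or read from files) and the `entries_gone` list is exactly what the cleanup removed; anything in `entries_new` or `processes_new` is what a reviewer should look at next. Processes that are simply running at a different time (a browser, an updater) will show up in the process diff, so the entry diff is the more reliable of the two.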